mod/lostpass.php

   1 <?php
   2 /**
   3  * @file mod/lostpass.php
   4  */
   5 use Friendica\App;
   6 use Friendica\Core\System;
   7 use Friendica\Database\DBM;
   8
   9 require_once 'include/enotify.php';
  10 require_once 'include/text.php';
  11
  12 function lostpass_post(App $a) {
  13
  14         $loginame = notags(trim($_POST['login-name']));
  15         if(! $loginame)
  16                 goaway(System::baseUrl());
  17
  18         $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1",
  19                 dbesc($loginame),
  20                 dbesc($loginame)
  21         );
  22
  23         if (! DBM::is_result($r)) {
  24                 notice( t('No valid account found.') . EOL);
  25                 goaway(System::baseUrl());
  26         }
  27
  28         $uid = $r[0]['uid'];
  29         $username = $r[0]['username'];
  30         $email = $r[0]['email'];
  31
  32         $new_password = autoname(12) . mt_rand(100,9999);
  33         $new_password_encoded = hash('whirlpool',$new_password);
  34
  35         $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d",
  36                 dbesc($new_password_encoded),
  37                 intval($uid)
  38         );
  39         if($r)
  40                 info( t('Password reset request issued. Check your email.') . EOL);
  41
  42
  43         $sitename = $a->config['sitename'];
  44         $resetlink = System::baseUrl() . '/lostpass?verify=' . $new_password;
  45
  46         $preamble = deindent(t('
  47                 Dear %1$s,
  48                         A request was recently received at "%2$s" to reset your account
  49                 password. In order to confirm this request, please select the verification link
  50                 below or paste it into your web browser address bar.
  51
  52                 If you did NOT request this change, please DO NOT follow the link
  53                 provided and ignore and/or delete this email.
  54
  55                 Your password will not be changed unless we can verify that you
  56                 issued this request.'));
  57         $body = deindent(t('
  58                 Follow this link to verify your identity:
  59
  60                 %1$s
  61
  62                 You will then receive a follow-up message containing the new password.
  63                 You may change that password from your account settings page after logging in.
  64
  65                 The login details are as follows:
  66
  67                 Site Location:  %2$s
  68                 Login Name:     %3$s'));
  69
  70         $preamble = sprintf($preamble, $username, $sitename);
  71         $body = sprintf($body, $resetlink, System::baseUrl(), $email);
  72
  73         notification(array(
  74                 'type' => SYSTEM_EMAIL,
  75                 'to_email' => $email,
  76                 'subject'=> sprintf( t('Password reset requested at %s'),$sitename),
  77                 'preamble'=> $preamble,
  78                 'body' => $body));
  79
  80         goaway(System::baseUrl());
  81
  82 }
  83
  84
  85 function lostpass_content(App $a) {
  86
  87
  88         if(x($_GET,'verify')) {
  89                 $verify = $_GET['verify'];
  90                 $hash = hash('whirlpool', $verify);
  91
  92                 $r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1",
  93                         dbesc($hash)
  94                 );
  95                 if (! DBM::is_result($r)) {
  96                         $o =  t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed.");
  97                         return $o;
  98                 }
  99                 $uid = $r[0]['uid'];
 100                 $username = $r[0]['username'];
 101                 $email = $r[0]['email'];
 102
 103                 $new_password = autoname(6) . mt_rand(100,9999);
 104                 $new_password_encoded = hash('whirlpool',$new_password);
 105
 106                 $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = ''  WHERE `uid` = %d",
 107                         dbesc($new_password_encoded),
 108                         intval($uid)
 109                 );
 110
 111                 /// @TODO Is DBM::is_result() okay here?
 112                 if ($r) {
 113                         $tpl = get_markup_template('pwdreset.tpl');
 114                         $o .= replace_macros($tpl,array(
 115                                 '$lbl1' => t('Password Reset'),
 116                                 '$lbl2' => t('Your password has been reset as requested.'),
 117                                 '$lbl3' => t('Your new password is'),
 118                                 '$lbl4' => t('Save or copy your new password - and then'),
 119                                 '$lbl5' => '<a href="' . System::baseUrl() . '">' . t('click here to login') . '</a>.',
 120                                 '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
 121                                 '$newpass' => $new_password,
 122                                 '$baseurl' => System::baseUrl()
 123
 124                         ));
 125                                 info("Your password has been reset." . EOL);
 126
 127
 128                         $sitename = $a->config['sitename'];
 129                         // $username, $email, $new_password
 130                         $preamble = deindent(t('
 131                                 Dear %1$s,
 132                                         Your password has been changed as requested. Please retain this
 133                                 information for your records (or change your password immediately to
 134                                 something that you will remember).
 135                         '));
 136                         $body = deindent(t('
 137                                 Your login details are as follows:
 138
 139                                 Site Location:  %1$s
 140                                 Login Name:     %2$s
 141                                 Password:       %3$s
 142
 143                                 You may change that password from your account settings page after logging in.
 144                         '));
 145
 146                         $preamble = sprintf($preamble, $username);
 147                         $body = sprintf($body, System::baseUrl(), $email, $new_password);
 148
 149                         notification(array(
 150                                 'type' => SYSTEM_EMAIL,
 151                                 'to_email' => $email,
 152                                 'subject'=> sprintf( t('Your password has been changed at %s'),$sitename),
 153                                 'preamble'=> $preamble,
 154                                 'body' => $body));
 155
 156                         return $o;
 157                 }
 158
 159         }
 160         else {
 161                 $tpl = get_markup_template('lostpass.tpl');
 162
 163                 $o .= replace_macros($tpl,array(
 164                         '$title' => t('Forgot your Password?'),
 165                         '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
 166                         '$name' => t('Nickname or Email: '),
 167                         '$submit' => t('Reset')
 168                 ));
 169
 170                 return $o;
 171         }
 172
 173 }